Microsoft Security Advisory 2798897

Fraudulent Digital Certificates Could Allow Spoofing

Published: January 03, 2013 | Updated: January 14, 2013

Version: 1.1

General Information

Executive Summary

Microsoft is aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.

TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties.

To help protect customers from the fraudulent use of this digital certificate, Microsoft is updating the Certificate Trust list (CTL) and is providing an update for all supported releases of Microsoft Windows that removes the trust of certificates that are causing this issue. For more information about these certificates, see the Frequently Asked Questions section of this advisory.

Recommendation. For systems using the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070 for details), including Windows 8, Windows RT, Windows Server 2012, and devices running Windows Phone 8, no action is needed as these systems will be automatically protected.

For Windows XP and Windows Server 2003 customers or customers who choose not to install the automatic updater of revoked certificates, Microsoft recommends that the 2798897 update be applied immediately using update management software, by checking for updates using the Microsoft Update service, or by downloading and applying the update manually. For more information, see the Suggested Actions section of this advisory.

What is the scope of the advisory?The purpose of this advisory is to notify customers that Microsoft has confirmed that one fraudulent digital certificate has been used in active attacks affecting several Google web properties. This certificate and two other certificates have been untrusted and added to the CTL. For systems using the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070 for details), including Windows 8, Windows RT, and Windows Server 2012, no action is needed as these systems will be automatically protected.

For Windows XP and Windows Server 2003 customers, customers who have not installed Microsoft Knowledge Base Article 2677070, or for any disconnected systems unable to connect to Microsoft Update, an update for all supported releases of Microsoft Windows is available that addresses the issue.

What caused the issue? Microsoft became aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org). The *.EGO.GOV.TR was used to issue a fraudulent digital certificate to *.google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties.

During the investigation, the *.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org certificates were identified as having been issued incorrectly; they lacked CRL or OCSP extensions and were incorrectly issued as end-entity certs. Therefore, as a precautionary measure, we are revoking the trust of these certificates as well.

What is cryptography?Cryptography is the science of securing information by converting it between its normal, readable state (called plaintext) and one in which the data is obscured (known as ciphertext).

In all forms of cryptography, a value known as a key is used in conjunction with a procedure called a crypto algorithm to transform plaintext data into ciphertext. In the most familiar type of cryptography, secret-key cryptography, the ciphertext is transformed back into plaintext using the same key. However, in a second type of cryptography, public-key cryptography, a different key is used to transform the ciphertext back into plaintext.

What is a digital certificate?In public-key cryptography, one of the keys, known as the private key, must be kept secret. The other key, known as the public key, is intended to be shared with the world. However, there must be a way for the owner of the key to tell the world who the key belongs to. Digital certificates provide a way to do this. A digital certificate is a tamperproof piece of data that packages a public key together with information about it (who owns it, what it can be used for, when it expires, and so forth).

What are certificates used for?Certificates are used primarily to verify the identity of a person or device, authenticate a service, or encrypt files. Normally you won’t have to think about certificates at all. You might, however, see a message telling you that a certificate is expired or invalid. In those cases you should follow the instructions in the message.

What is a certification authority (CA)?Certification authorities are the organizations that issue certificates. They establish and verify the authenticity of public keys that belong to people or other certification authorities, and they verify the identity of a person or organization that asks for a certificate.

What is a Certificate Trust List (CTL)?A trust must exist between the recipient of a signed message and the signer of the message. One method of establishing this trust is through a certificate, an electronic document verifying that entities or persons are who they claim to be. A certificate is issued to an entity by a third party that is trusted by both of the other parties. So, each recipient of a signed message decides if the issuer of the signer's certificate is trustworthy. CryptoAPI has implemented a methodology to allow application developers to create applications that automatically verify certificates against a predefined list of trusted certificates or roots. This list of trusted entities (called subjects) is called a certificate trust list (CTL). For more information, please see the MSDN article, Certificate Trust Verification.

What might an attacker do with these certificates?An attacker could use these certificates to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against the following web properties:

*.google.com

*.android.com

*.appengine.google.com

*.cloud.google.com

*.google-analytics.com

*.google.ca

*.google.cl

*.google.co.in

*.google.co.jp

*.google.co.uk

*.google.com.ar

*.google.com.au

*.google.com.br

*.google.com.co

*.google.com.mx

*.google.com.tr

*.google.com.vn

*.google.de

*.google.es

*.google.fr

*.google.hu

*.google.it

*.google.nl

*.google.pl

*.google.pt

*.googleapis.cn

*.googlecommerce.com

*.gstatic.com

*.urchin.com

*.url.google.com

*.youtube-nocookie.com

*.youtube.com

*.ytimg.com

android.com

g.co

goo.gl

google-analytics.com

google.com

googlecommerce.com

urchin.com

youtu.be

youtube.com

What is a man-in-the-middle attack?A man-in-the-middle attack occurs when an attacker reroutes communication between two users through the attacker’s computer without the knowledge of the two communicating users. Each user in the communication unknowingly sends traffic to and receives traffic from the attacker, all the while thinking they are communicating only with the intended user.

What is Microsoft doing to help with resolving this issue?Although this issue does not result from an issue in any Microsoft product, we are nevertheless updating the CTL and providing an update to help protect customers. Microsoft will continue to investigate this issue and may make future changes to the CTL or release a future update to help protect customers.

After applying the update, how can I verify the certificates in the Microsoft Untrusted Certificates Store?For systems using the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070 for details), including Windows 8, Windows RT, and Windows Server 2012, you can check the Application log in the Event Viewer for an entry with the following values:

For administrators and enterprise installations who want to be automatically protected by using the automatic updater of revoked certificates, review Microsoft Knowledge Base Article 2677070 to help ensure it is appropriate for your environment as disconnected systems or environments with strict egress filtering require additional consideration.

For Windows XP and Windows Server 2003 customers or customers who choose not to install the automatic updater of revoked certificates, Microsoft recommends that the 2798897 update be applied immediately using update management software, by checking for updates using the Microsoft Update service, or by downloading and applying the update manually. See Microsoft Knowledge Base Article 2798897 for download links.

Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.

Other Information

Acknowledgments

Microsoft thanks the following for working with us to help protect customers:

Disclaimer

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

V1.0 (January 3, 2013): Advisory published.

V1.1 (January 14, 2013): Corrected the disallowed certificate list effective date to "Monday, December 31, 2012 (or later)" in the FAQ entry, "After applying the update, how can I verify the certificates in the Microsoft Untrusted Certificates Store?"